>>>Imagine requesting medical
>>>records; because of my "only endpoints" requirement -- imposed by
>>>US HIPAA regulations -- SSL will not suffice.)
>>Could you describe how SSL fails to satisfy?
> Perhaps the HTTPS server isn't the endpoint in the sense relevant to the
> security constraint ... but it will see the cleartext URI.
Yes. In addition, SSL works by having two parties share a common key.
That makes digital signature and non-repudiable disclosure impossible:
each party could claim the other signed or exposed the data. Public-key
crypto does not have those attributes.
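
The attribution point in the reply above, as an added example that is not part of the original thread: a tag computed under a key both peers hold can be produced by either peer, while a signature checks against a public key and needs the signer's private key to create. The record contents, session key and toy RSA parameters are constructed assumptions; the RSA is unpadded and for illustration only.

```python
import hashlib
import hmac

# Constructed sample data: a request record and a session key both peers hold.
RECORD = b"GET /records/patient/12345"
SESSION_KEY = bytes(range(32))

def mac_tag(key: bytes, msg: bytes) -> bytes:
    """Integrity tag of the kind a shared-key channel attaches to a record."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

# Toy RSA key (assumption, illustration only): two publicly known Mersenne
# primes and unpadded hash-then-exponentiate. Never use this in practice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(private_exp: int, msg: bytes) -> int:
    return pow(digest_int(msg), private_exp, N)

def verify(msg: bytes, sig: int) -> bool:
    """Anyone holding the public pair (N, E) can run this check."""
    return pow(sig, E, N) == digest_int(msg)

def attribution_demo() -> dict:
    client_tag = mac_tag(SESSION_KEY, RECORD)
    # The server holds the same key, so it can tag a record the client never sent.
    other_record = b"GET /records/patient/99999"
    server_made_tag = mac_tag(SESSION_KEY, other_record)
    sig = sign(D, RECORD)
    return {
        "peers_compute_same_tag": client_tag == mac_tag(SESSION_KEY, RECORD),
        "server_made_tag_accepted": mac_ok(SESSION_KEY, other_record, server_made_tag),
        "signature_verifies": verify(RECORD, sig),
        "signature_on_other_record": verify(other_record, sig),
    }

if __name__ == "__main__":
    for name, value in attribution_demo().items():
        print(f"{name}: {value}")
```
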